In this episode of Crazy Wisdom, I, Stewart Alsop, sit down with Naman Mishra, CTO of Repello AI, to unpack the real-world security risks behind deploying large language models. We talk about layered vulnerabilities—from the model, infrastructure, and application layers—to attack vectors like prompt injection, indirect prompt injection through agents, and even how a simple email summarizer could be exploited to trigger a reverse shell. Naman shares stories like the accidental leak of a Windows activation key via an LLM and explains why red teaming isn't just a checkbox, but a continuous mindset. If you want to learn more about his work, check out Repello's website at repello.ai.

Check out this GPT we trained on the conversation!

Timestamps

00:00 - Stewart Alsop introduces Naman Mishra, CTO of Repello AI. They frame the episode around AI security, contrasting prompt injection risks with traditional cybersecurity in ML apps.
05:00 - Naman explains the layered security model: model, infrastructure, and application layers. He distinguishes safety (bias, hallucination) from security (unauthorized access, data leaks).
10:00 - Focus on the application layer, especially in finance, healthcare, and legal. Naman shares how ChatGPT leaked a Windows activation key and stresses data minimization and security-by-design.
15:00 - They discuss red teaming, how Repello AI simulates attacks, and Anthropic's HackerOne challenge. Naman shares how adversarial testing strengthens LLM guardrails.
20:00 - Conversation shifts to AI agents and autonomy. Naman explains indirect prompt injection via email or calendar, leading to real exploits like reverse shells—all triggered by summarizing an email.
25:00 - Stewart compares the Internet to a castle without doors. Naman explains the cat-and-mouse game of security—attackers need one flaw; defenders must lock every door. LLM insecurity lowers the barrier for attackers.
30:00 - They explore input/output filtering, role-based access control, and clean fine-tuning. Naman admits most guardrails can be broken and only block low-hanging fruit.
35:00 - They cover denial-of-wallet attacks—LLMs exploited to run up massive token costs. Naman critiques DeepSeek's weak alignment and state bias, noting training data risks.
40:00 - Naman breaks down India's AI scene: Bangalore as a hub, US-India GTM, and the debate between sovereignty vs. pragmatism. He leans toward India building foundational models.
45:00 - Closing thoughts on India's AI future. Naman mentions Sarvam AI, Krutrim, and Paris Chopra's Loss Funk. He urges devs to red team before shipping—"close the doors before enemies walk in."

Key Insights

AI security requires a layered approach. Naman emphasizes that GenAI applications have vulnerabilities across three primary layers: the model layer, infrastructure layer, and application layer. It's not enough to patch up just one—true security-by-design means thinking holistically about how these layers interact and where they can be exploited.

Prompt injection is more dangerous than it sounds. Direct prompt injection is already risky, but indirect prompt injection—where an attacker hides malicious instructions in content that the model will process later, like an email or webpage—poses an even more insidious threat. Naman compares it to smuggling weapons past the castle gates by hiding them in the food.

Red teaming should be continuous, not a one-off. One of the critical mistakes teams make is treating red teaming like a compliance checkbox. Naman argues that red teaming should be embedded into the development lifecycle, constantly testing edge cases and probing for failure modes, especially as models evolve or interact with new data sources.

LLMs can unintentionally leak sensitive data. In one real-world case, a language model fine-tuned on internal documentation ended up leaking a Windows activation key when asked a completely unrelated question. This illustrates how even seemingly benign outputs can compromise system integrity when training data isn't properly scoped or sanitized.

Denial-of-wallet is an emerging threat vector. Unlike traditional denial-of-service attacks, LLMs are vulnerable to economic attacks where a bad actor can force the system to perform expensive computations, draining API credits or infrastructure budgets. This kind of vulnerability is particularly dangerous in scalable GenAI deployments with limited cost monitoring.

Agents amplify security risks. While autonomous agents offer exciting capabilities, they also open the door to complex, compounded vulnerabilities. When agents start reading web content or calling tools on their own, indirect prompt injection can escalate into real-world consequences—like issuing financial transactions or triggering scripts—without human review.

The Indian AI ecosystem needs to balance speed with sovereignty. Naman reflects on the Indian and global context, warning against simply importing models and infrastructure from abroad without understanding the security implications. There's a need for sovereign control over critical layers of AI systems—not just for innovation's sake, but for national resilience in an increasingly AI-mediated world.
In this episode of The Eric Ries Show, I sit down with Marten Mickos, a serial tech CEO who has been at the forefront of some of the most transformative moments in open-source technology. From leading MySQL through its groundbreaking journey to guiding HackerOne as a pioneering bug bounty platform, Marten's career is a masterclass in building innovative, trust-driven organizations.

Our wide-ranging conversation explores Marten's remarkable journey through tech leadership, touching on his experiences building game-changing companies and, more recently, his work coaching emerging CEOs. We dive deep into the world of open source, company culture, and the nuanced art of leadership.

In our conversation today, we talk about the following topics:
• How MySQL revolutionized open-source databases and became Facebook's database
• The strategic decision to make MySQL open source and leverage Linux distributions
• The art of building a beloved open-source project while creating a profitable business model
• How a lawsuit solidified MySQL's position in the open-source database market
• The role of transparency and direct feedback in building organizational trust
• Why Marten was drawn to HackerOne's disruptive approach to cybersecurity
• Marten's transition to coaching new CEOs
• Marten's unique "contrast framework" for making complex decisions
• And much more!

—
Brought to you by:
• Wilson Sonsini – Wilson Sonsini is the innovation economy's law firm. Learn more.
• Gusto – Gusto is an easy payroll and benefits software built for small businesses. Get 3 months free.

—
Where to find Marten Mickos:
• LinkedIn: https://www.linkedin.com/in/martenmickos/
• Bluesky: https://bsky.app/profile/martenmickos.bsky.social

—
Where to find Eric:
• Newsletter: https://ericries.carrd.co/
• Podcast: https://ericriesshow.com/
• YouTube: https://www.youtube.com/@theericriesshow

—
In This Episode We Cover:
(00:00) Intro
(03:15) The first time Eric used MySQL
(07:10) The origins of MySQL and how Marten got involved
(13:22) Why MySQL pivoted to open source to leverage the power of Linux distros
(17:03) Open source vs. closed
(18:56) Building profitable open-source companies
(24:52) The fearless company culture at MySQL and the Progress lawsuit
(29:30) The value of not cutting any corners
(33:35) How a dolphin became part of the MySQL logo
(35:55) What it was like to build a company of true believers
(38:47) Marten's management approach emphasizes kindness and direct feedback
(42:12) Marten's hiring philosophy
(45:14) Why MySQL sold to Sun Microsystems and tried to avoid Oracle
(50:24) How Oracle has made MySQL even better
(52:22) Why Marten decided to lead at HackerOne
(55:41) An overview of HackerOne
(59:31) How HackerOne got started and landed the Department of Defense contract
(1:03:19) The trust-building power of transparency
(1:08:30) Marten's successor and the state of HackerOne now
(1:09:23) Marten's work coaching CEOs
(1:14:20) Common issues CEOs struggle with
(1:16:45) Marten's contrast framework
(1:26:12) The book of Finnish poetry that inspired Marten's love of polarities

—
You can find the transcript and references at https://www.ericriesshow.com/

—
Production and marketing by https://penname.co/.
Eric may be an investor in the companies discussed.
In this episode of the Risk Management Show, we debunk common bug bounty myths and explore what risk managers need to know to enhance their cyber security strategies. Joining us is Will Kapcio, Sales Engineer Manager at HackerOne, the world leader in hacker-powered security. Will shares expert insights into the realities of bug bounty programs, how private initiatives often outperform public ones, and the critical role they play in identifying vulnerabilities that evade traditional testing methods. We also discuss the findings of HackerOne's latest Hacker-Powered Security Report, including the top vulnerabilities organizations still struggle with, the impact of AI on both attackers and defenders, and practical advice for launching and scaling a successful bug bounty program. Whether you're a Chief Risk Officer, cyber security professional, or simply interested in the intersection of risk management and sustainability, this episode is packed with actionable insights. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Guest Proposal." Don't miss this invaluable di
In this interview, we're excited to have Ilona Cohen to help us understand what changes this new US administration might bring, in terms of cybersecurity regulation. Ilona's insights come partially from her own experiences working from within the White House. Before she was the Chief Legal Officer of HackerOne, she was a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB). In this hyper-partisan environment, it's easy to get hung up on particular events. Do many of us lack cross-administration historical perspective? Probably. Should we be outraged by the dissolution of the CSRB, or was this a fairly ordinary occurrence when a new administration comes in? These are the kinds of questions I'll be posing to Ilona in this conversation.

How the Change Healthcare breach can prompt real cybersecurity change

'Shift Left' feels like a cliché at this point, but it's often difficult to track tech and security movements if you aren't interacting with practitioners on a regular basis. Some areas of tech have a longer tail when it comes to late adopters and laggards, and application security appears to be one of these areas. In this interview, Jenn Gile catches us up on AppSec trends.

Segment Resources:
• Microsoft Defender for Cloud Natively Integrates with Endor Labs
• 2024 Dependency Management Report
• How to pick the right SAST tool

In the enterprise security news:
• Change Healthcare's HIPAA fine is vanishingly small
• How worried should we be about the threat of AI models? What about the threat of DeepSeek? And the threat of employees entering sensitive data into GenAI prompts?
• The myth of trillion-dollar cybercrime losses is alive and well!
• Kagi Privacy Pass gives you the best of both worlds: high quality web searches AND privacy/anonymity
• Thanks to the UK for letting everyone know about end-to-end encryption for iCloud!
• What is the most UNHINGED thing you've ever seen a security team push on employees?

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-395
While we're still in the infancy of 2025, the New Year has proven to have no issues in welcoming in a number of pre-existing challenges – whether we're talking about cybersecurity or … other social topics.

So, in continuing this trend, we tapped into a unique collection of voices to discuss a topic that has, and will continue to be, vital to industrial cybersecurity efforts – Artificial Intelligence. First, we'll hear from Mandiant's Paul Shaver as he discusses the legacy dynamics of industrial cybersecurity, including ongoing obstacles associated with inventory, visibility and segmentation strategies – and the impact AI could have on all of them. Then we'll transition to HackerOne's Will Kapcio for his take on AI and the ongoing evolution of cybersecurity tools. We'll wrap up with instructor and the author of the Hack is Back as he discusses what drove his desire to write the book, the impact AI is having on the next generation of cybersecurity specialists, and the evolving vulnerabilities they can expect to face.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
Kara Sprague is the Chief Executive Officer at HackerOne. In this episode, she joins host Amanda Glassner to discuss her experience as a woman in cybersecurity, the benefits that diverse perspectives bring to a leadership team, the value of recruitment and retention, and more, as well as what's next for HackerOne.
For more on cybersecurity, visit us at https://cybersecurityventures.com
HackerOne's co-founder, Michiel Prins, walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before.

Segment Resources:
• https://www.hackerone.com/ai/snap-ai-red-teaming
• https://www.hackerone.com/thought-leadership/ai-safety-red-teaming

This interview is a bit different from our norm. We talk to the founder and CEO of OpenVPN about what it is like to operate a business based on open source, particularly through trying times like the recent pandemic. How do you compete when your competitors are free to build products using your software and IP? It seems like an oxymoron, but an open source-based business actually has some significant advantages over the closed source commercial approach.

In this week's enterprise security news:
• the first cybersecurity IPO in 3.5 years!
• new companies
• new tools
• the fate of CISA and the cyber safety review board
• things we learned about AI in 2024
• is the humanless SOC possible?
• NGFWs have some surprising vulnerabilities
• what did generative music sound like in 1996?

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-391
This episode is the interview with Johan Carlsson, a full-time bug bounty hunter who specialises in client-side bugs and is currently the #1-ranked hunter on GitLab.
This week on the Revenue Insights Podcast, Guy Rubin, CEO of Ebsta, speaks with Dean Hickman-Smith, Chief Revenue Officer at HackerOne. In this episode, Guy and Dean explore the evolution of sales leadership, the power of community in B2B sales, and how AI is transforming sales enablement and performance. With over 20 years of experience scaling InfoSec and identity companies, Dean shares insights on building global teams, leveraging partner ecosystems, and creating effective sales enablement programs in today's virtual environment. Dean Hickman-Smith is the Chief Revenue Officer at HackerOne, where he leads a global team helping organizations find and fix critical vulnerabilities through ethical hacking. He has held leadership positions at companies including Netscreen, Proofpoint, and AeroHive. At HackerOne, he oversees a team of 70+ sellers globally, managing the world's largest network of ethical hackers with over 2 million people on their platform.
Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner sits down with Sharon to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc
And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr

Today's Guest: https://sharonbrizinov.com/

Resources
The Claroty Research Team
https://claroty.com/team82
Pwntools
https://github.com/Gallopsled/pwntools
Scan My SMS
http://scanmysms.com
Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS
https://www.youtube.com/watch?v=EhNsXXbDp3U

Timestamps
(00:00:00) Introduction
(00:03:31) Sharon's Origin Story
(00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne
(00:47:05) IoT/ICS Hacking Methodology
(01:10:13) Cloud to Device Communication
(01:18:15) Bug replication and uncommon attack surfaces
(01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS
In this episode of "Screaming in the Cloud," we're making sure things are nice and secure thanks to Ryan Nolette, Senior Security Engineer at AWS Outreach. As a part of the Outreach team, he's responsible for making everyone understand the nuances of AWS's Vulnerability Disclosure Program. Corey and Ryan explore the intricacies of AWS's approach to security, including the emphasis on communication with researchers. You'll also get an overview of what goes into Vulnerability Disclosure Programs and how it courts security researchers over “security researchers.” If there's anything you can take away from this episode, it's that Ryan takes great pride in AWS's commitment to transparency and collaboration when it comes to resolving potential security flaws.

Show Highlights
(0:00) Intro
(0:38) Backblaze sponsor read
(1:06) The role of AWS' security team outreach group
(2:21) The nuance of the Vulnerability Disclosure Program
(4:05) Will the VDP program replace human interactions
(10:08) Responsible disclosure vs. coordinated disclosure
(15:26) The high-quality communication of the AWS security team
(17:33) Gitpod sponsor read
(18:45) Security researchers vs. "security researchers"
(25:54) What's next for the VDP Program?
(29:26) Avoiding "security by obscurity"
(32:08) Being intentional with security messaging
(36:16) Where you can find more from Ryan

About Ryan Nolette
Ryan is AWS's Senior Security Engineer for the Outreach Team and co-author of AWS Detective. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With almost 2 decades in the infosec field, Ryan has been on the development and operations side of companies such as Postman, Sqrrl, Carbon Black, Crossbeam Systems, SecureWorks and Fidelity Investments. Ryan has been an active speaker and writer on threat hunting and endpoint security.

Links
AWS VDP on HackerOne: hackerone.com/aws_vdp
AWS VDP inbox: aws-security@amazon.com
LinkedIn: www.linkedin.com/in/cloudy-with-a-chance-of-security
AWS Vulnerability Reporting site: https://aws.amazon.com/security/vulnerability-reporting/
Give your feedback on the recently expanded VDP program: https://pulse.aws/survey/MOOFGRLM

Sponsors
Backblaze: https://www.backblaze.com/
Gitpod: gitpod.io
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing. We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.

Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration. There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks are a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)? These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!

Segment Resources:
• Aaron's blog about the ServiceNow data exposure.
• The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.

In the enterprise security news:
• Eon, Resolve AI, Harmonic and more raise funding
• Dragos acquires Network Perception
• Prevalent acquires Miratech
• The latest DFIR reports
• A spicy security product review
• Secure by Whatever
• New threats
• Hot takes

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-379
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing. We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared. Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration. There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)? These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work! 
Segment Resources: Aaron's blog about the ServiceNow data exposure. The ServiceNow blog, thanking AppOmni for its support in uncovering the issue. In the enterprise security news, Eon, Resolve AI, Harmonic and more raise funding Dragos acquires Network Perception Prevalent acquires Miratech The latest DFIR reports A spicy security product review Secure by Whatever New threats Hot takes All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-379
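The episode above uses open S3 buckets as the canonical "unintentional misconfiguration". As an added example (not code from the show, from AppOmni, or from ServiceNow), here is an offline check that evaluates a bucket policy document and a bucket ACL for grants to anonymous or all-authenticated principals. The policy grammar and the two global group URIs are real AWS values; the sample policy, sample ACL, bucket name and VPC endpoint id are constructed placeholders. It deliberately reports conditioned grants separately, because a Condition (for example, aws:SourceVpce) may scope a "*" principal to something that is not public.

```python
import json

# Real AWS group URIs. A grant to either of these in a bucket ACL exposes the bucket
# beyond the account: AllUsers is anonymous, AuthenticatedUsers is any AWS account.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}


def _principal_is_anonymous(principal):
    """True if a policy statement's Principal matches everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*":
            return True
        if isinstance(aws, list) and "*" in aws:
            return True
    return False


def public_policy_statements(policy_json):
    """Split Allow statements that target anonymous principals into two lists.

    Returns (unconditioned, conditioned): Sids (or statement[i] labels) of grants
    with no Condition block, which are public as written, and grants that carry a
    Condition, which need a human look because the condition may scope the grant.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear un-listed
        statements = [statements]
    unconditioned, conditioned = [], []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if not _principal_is_anonymous(st.get("Principal")):
            continue
        label = st.get("Sid", f"statement[{i}]")
        (conditioned if st.get("Condition") else unconditioned).append(label)
    return unconditioned, conditioned


def public_acl_grants(acl):
    """Return (group_uri, permission) pairs in an ACL that grant to a global group."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            hits.append((grantee["URI"], grant.get("Permission")))
    return hits


# Constructed sample input (placeholder bucket name and VPC endpoint id).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    open_grants, scoped_grants = public_policy_statements(SAMPLE_POLICY)
    print("policy: public as written:", open_grants)
    print("policy: anonymous principal but conditioned, review:", scoped_grants)
    print("acl: global group grants:", public_acl_grants(SAMPLE_ACL))
```

On the sample data the policy check flags PublicRead as public and VpcOnly for review, and the ACL check flags the AuthenticatedUsers READ grant. The "secure defaults" caveat from the news segment applies here too: S3 Block Public Access, when enabled on the bucket or account, overrides both a public policy and a public ACL, and this check does not model it, so a finding here is an exposure candidate rather than a confirmed leak.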
Finland and Europe are being left behind while the US economy powers ahead. So it is time to turn our gaze westward! What can we learn from our American colleagues? Joining Taneli Rantala in the studio to discuss this is Mårten Mickos, CEO of HackerOne, serial entrepreneur, investor, honorary consul and an active figure in the business and startup scene, who has run businesses in the United States for decades. We talk about the seriousness of the situation, the cultural differences with their strengths and weaknesses, and of course the lessons that we Finnish business leaders can pick up from our American colleagues. Now is the time to think big - now is the time to do things the American way! Read more and get in touch: Our website: https://lifted.fi/ Liftcast episodes: https://lifted.fi/podcast/ Our services: https://lifted.fi/palvelut/ Our LinkedIn page: https://www.linkedin.com/company/lifted-fi/ Our email address: lifted@lifted.fi
Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne events.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Guest: https://x.com/SinSinology
Blog: https://sinsinology.medium.com/
Resources:
WhatsUp Gold Pre-Auth RCE
Advanced .NET Exploitation Training
dnSpyEx
QEMU
Unicorn Engine
Qiling
libAFL
Alex Plaskett interview
TippingPoint
Flashback Team
Timestamps:
(00:00:00) Introduction
(00:12:45) Learning, Mentorship, and Failure
(00:29:34) Pentesting and Pwn2Own
(00:40:05) Hacking methodology
(01:01:57) Debuggers and shells in IoT Devices
(01:35:40) Differences between ZDI and HackerOne
(02:02:27) Pwn2Own Steps and Stories
(02:14:06) Master of Pwn Title
(02:29:54) Bug reports
On this episode of The Table with Anthony ONeal, we're joined by Arlan Hamilton, founder of Backstage Capital and HireRunner.co, remarkable entrepreneur, author, investor, and speaker. She shares invaluable insights on entrepreneurship, the start of her investment journey, and how she made her first million dollars at 40 years old. Arlan's story is a testament to resilience and determination, proving that it's never too late to transform your financial future and showing the power of perseverance.
On this episode of The Table with Anthony ONeal, we welcome Latasha Morrison, New York Times bestselling author of "Be The Bridge." Latasha shares insights from her latest book, "Brown Faces, White Spaces: Confronting Systemic Racism to Bring Healing and Restoration." She discusses her life journey, the ongoing struggle for equality and equity for Black people, and the history of redlining. Latasha's profound understanding of systemic racism provides a roadmap for healing and restoration, making this episode an essential listen for anyone committed to social justice. Join us as we delve into her powerful message and learn how we can all contribute to a more equitable society.
On this episode of The Table with Anthony ONeal, we explore alternative strategies for wealth building that don't rely solely on the traditional 40-hour workweek. AO dives deep into the importance of prioritizing budgeting to manage finances effectively and discusses the benefits of pursuing entrepreneurship as a path to financial success. Join us as we share insights, tips, and actionable advice to help you achieve financial freedom and create a more flexible and fulfilling lifestyle.Mentioned On Today's Show:
On this episode of The Table with Anthony ONeal, Travis Greene joins to share his profound insights on aligning your desires with God's plan. Travis discusses the importance of asking what God wants for you, rather than just focusing on your own wants. He and AO delve into the necessity of learning how to plan without succumbing to jealousy towards others who may seem to be succeeding. Travis emphasizes that God's plan for you is unique, and there's no need to compare your journey with anyone else's. Tune in to gain valuable wisdom on finding peace and purpose in God's path for your life.
On this episode of The Table with Anthony ONeal, we share five transformative books that can lead you to generational wealth. AO carefully selected each book to provide valuable insights, strategies, and inspiration for achieving financial success. From timeless classics to modern gems, these books cover a range of topics such as wealth mindset, investment strategies, personal finance management, and entrepreneurship. Tune in as we explore how these books can empower you with the knowledge and tools needed to make informed decisions, build wealth, and create a prosperous future. Don't miss out on this enriching episode filled with actionable wisdom!Mentioned On Today's Show:**This show is sponsored and brought to you by Better Help!**
On this episode of The Table with Anthony ONeal, we sit down with Marilyn Mosby, who was wrongfully convicted of two counts of perjury and one count of mortgage fraud, potentially facing up to 40 years in federal prison. As her sentencing date approaches on May 23, 2024, civil rights organizations, including the NAACP, rally for a presidential pardon for Mosby. Join us as she courageously shares her side of the story, shedding light on the challenges of navigating the legal system and advocating for justice. Tune in to gain insights into Mosby's journey and the broader implications of her case on civil rights and the justice system.
On this episode of The Table with Anthony O'Neal, we share the vital strategies for selling your car without overpaying. Before stepping into the market, it's essential to define your preferences and requirements clearly. AO guides you through the process of evaluating your needs, setting a budget, and conducting comprehensive research to uncover the best opportunities. With a solid understanding and a strategic approach, you'll navigate the car-selling journey with confidence, ensuring that you receive optimal value for your vehicle. Tune in to discover actionable insights, make informed choices, and steer clear of common pitfalls in selling your car!Mentioned On Today's Show:
On this episode of The Table with Anthony ONeal, we have the remarkable Bishop Henry Fernandez joining us as we delve into insightful discussions covering a wide range of topics, from faith and finances to building a lasting legacy. Bishop Fernandez shares valuable perspectives on navigating the intersection of faith and wealth, strategies for financial stewardship, and the importance of leaving a meaningful legacy. We also explore the dynamics of dating in the context of faith and personal values, offering practical advice and wisdom for those seeking meaningful relationships. Tune in for an engaging and enlightening conversation with Bishop Henry Fernandez!Mentioned On Today's Show:
On this episode of The Table with Anthony ONeal, Sarah Jakes Roberts joins to discuss her latest book "Power Moves." Sarah dives deep into the concept of power moves, offering a fresh perspective that challenges common assumptions. During this candid conversation with AO, Sarah delves into the realities of building a successful marriage, sharing invaluable insights and advice. Don't miss this opportunity to gain wisdom on personal growth, relationships, and the true essence of making impactful moves in your life. Sarah's authenticity and expertise make this episode a must-watch!
On today's Build Your Table Live, AO shares his thoughts on the implications of the possible TikTok ban and how this will reshape the social media scene. He also touches on the FTC's decision to outlaw noncompetes, analyzing its effects on businesses and employees alike, and delves into the controversial topic of teachers being allowed to carry firearms, examining the arguments for and against this policy. Join us as we navigate these important issues and uncover their significance in today's rapidly evolving world.▶️ Watch the full episode here: https://youtube.com/live/xp6kk7b6EsQMentioned On Today's Live:
On this episode of The Table with Anthony ONeal, we delve into the crucial numbers you need to track for effective wealth building. From understanding your essential expenses like housing, utilities, food, transportation, and child care to the importance of tracking for budgeting and identifying potential savings, AO covers it all! We also discuss what percentage of your income housing expenses should not exceed and share valuable insights on debt management strategies. Join us as we break down these key financial metrics to empower you with the knowledge to make informed decisions for a stronger financial future.Mentioned On Today's Show:**This show is sponsored and brought to you by Better Help!**
On this episode of The Table with Anthony ONeal, we share the essential strategies for avoiding overpaying when purchasing a car. Before diving into the market, it's crucial to gain a clear understanding of your wants and needs. AO explores how to assess your requirements, set a budget, and conduct thorough research to find the best deals. By equipping yourself with knowledge and a well-defined plan, you can navigate the car-buying process confidently and ensure that you get the most value for your money. Tune in to learn how to make informed decisions and avoid common pitfalls in car purchases!Mentioned On Today's Show:
On this episode of The Table with Anthony ONeal, we take a closer look into the common traits shared by Black Billionaires in their journey to generational wealth. From resilience and innovation to strategic decision-making, AO shares the key lessons that can be learned from their success stories. By studying their approaches and mindset, we can gain valuable insights into building wealth and achieving financial success. Tune in to learn the secrets of Black Billionaires and how you too can apply these principles to your own path towards financial freedom!Mentioned On Today's Show:
On today's Build Your Table Live, AO shares crucial money lessons that schools overlooked, from basic budgeting and financial planning to understanding investments. Tune in as AO gives practical tips for managing money, building wealth, and securing financial freedom. Whether you're a recent graduate or a seasoned professional, today's Live is a must-watch to fill the gaps in your financial education. Don't miss out on learning the vital money lessons that can profoundly impact your financial well-being and future success! ▶️ Watch the full show here: https://youtube.com/live/yzvppWHGevkMentioned On Today's Live:
Hey E3 fam! I'll be in Houston, Texas and Charlotte, North Carolina this week! Here are three compelling reasons why you NEED to be in the building: First, you'll gain invaluable financial education that can shape your financial future. Second, you'll have the amazing opportunity to network and connect with like-minded individuals. Lastly, you'll have access to expert advice from several leaders in their respective fields. Don't miss out on these exclusive events that promise to empower and enlighten you on your financial and spiritual journey!
On today's Build Your Table Live, AO shares how recent changes in student loan policies could benefit you personally and impact your financial future. We dive into the potential benefits of eliminating student loans, exploring how this liberation from debt can pave the way to true financial freedom. Join AO as he breaks down the implications and provides actionable advice on navigating these new developments. Don't miss this opportunity to learn how strategic financial planning, coupled with updated policies, can transform your financial landscape for the better!
On this episode of The Table with Anthony ONeal, I share the realities of entrepreneurship, the highs, lows, and everything in between! Today I'm getting personal regarding the truth about running your own business, exploring the real challenges alongside the rewards, and why entrepreneurship may or may not be the right path for you. Whether you're a budding entrepreneur or simply curious about the entrepreneurial journey, this show offers valuable insights and perspectives that can guide your decision-making process. Don't miss out on this opportunity to gain a deeper understanding of what it takes to succeed as an entrepreneur!Mentioned On Today's Show:**This show is sponsored and brought to you by Better Help!**